Bug 1211643 (CVE-2023-32324) - VUL-0: CVE-2023-32324: cups: buffer overflow vulnerability in the function format_log_line could cause a denial-of-service
Summary: VUL-0: CVE-2023-32324: cups: buffer overflow vulnerability in the function fo...
Status: RESOLVED FIXED
Alias: CVE-2023-32324
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Johannes Meixner
QA Contact: Security Team bot
URL:
Whiteboard: CVSSv3.1:SUSE:CVE-2023-32324:5.9:(AV:...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-05-23 09:17 UTC by Alexander Bergmann
Modified: 2023-06-26 11:15 UTC (History)
4 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 9 Johannes Meixner 2023-06-01 11:18:38 UTC
https://github.com/OpenPrinting/cups/security/advisories/GHSA-cxc6-w2g7-69p7
is now public accessible
Comment 10 Marcus Meissner 2023-06-01 11:21:53 UTC
public
Comment 11 Marcus Meissner 2023-06-01 11:22:43 UTC
via oss-security

From: Zdenek Dohnal <zdohnal@redhat.com>
Subject: [oss-security] [vs] CVE-2023-32324 heap buffer overflow in cupsd
Date: Thu, 1 Jun 2023 12:35:16 +0200

there is currently embargoed CVE-2023-32324 in cups project:


      Summary

A heap buffer overflow vulnerability would allow a remote attacker to 
lauch a dos attack.


      Details

A buffer overflow vulnerability in the function |format_log_line| could 
allow remote attackers to cause a denial-of-service(DoS) on the affected 
system (not verified for possible arbitrary code execution).

The vulnerability affects the commit #c0c4037 and the latest commit 
#4310a07 on the GitHub master branch as well as the latest release 
version v2.4.2. I have only tested these versions so far.

Exploitation of the vulnerability can be triggered when the 
configuration file |cupsd.conf| sets the value of |loglevel |to |DEBUG| 
if the log location is set to a file.


      Reproduce
...
Comment 12 Johannes Meixner 2023-06-01 11:49:26 UTC
Submitted fix to openSUSE:Factory:
----------------------------------------------------------------
# osc request accept 1090271 \
 --message="Fix for CVE-2023-32324 \
            Heap buffer overflow in cupsd bsc#1211643"

Result of change request state: ok
openSUSE:Factory 
Forward this submit to it? ([y]/n)y
The following submit requests are already open: 990954, 1042341.
Supersede the old requests? (y/n/c) y
Fix for CVE-2023-32324 Heap buffer overflow in cupsd bsc#1211643
 (forwarded request 1090271 from jsmeix)
New request # 1090272
----------------------------------------------------------------
Comment 13 OBSbugzilla Bot 2023-06-01 12:35:04 UTC
This is an autogenerated message for OBS integration:
This bug (1211643) was mentioned in
https://build.opensuse.org/request/show/1090272 Factory / cups
Comment 14 Maintenance Automation 2023-06-01 16:30:05 UTC
SUSE-SU-2023:2347-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1211643
CVE References: CVE-2023-32324
Sources used:
openSUSE Leap Micro 5.3 (src): cups-2.2.7-150000.3.43.1
openSUSE Leap 15.4 (src): cups-2.2.7-150000.3.43.1
openSUSE Leap 15.5 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Micro for Rancher 5.3 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Micro 5.3 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Micro for Rancher 5.4 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Micro 5.4 (src): cups-2.2.7-150000.3.43.1
Basesystem Module 15-SP4 (src): cups-2.2.7-150000.3.43.1
Basesystem Module 15-SP5 (src): cups-2.2.7-150000.3.43.1
Desktop Applications Module 15-SP5 (src): cups-2.2.7-150000.3.43.1
Development Tools Module 15-SP4 (src): cups-2.2.7-150000.3.43.1
Development Tools Module 15-SP5 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Real Time 15 SP3 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): cups-2.2.7-150000.3.43.1
SUSE Manager Proxy 4.2 (src): cups-2.2.7-150000.3.43.1
SUSE Manager Retail Branch Server 4.2 (src): cups-2.2.7-150000.3.43.1
SUSE Manager Server 4.2 (src): cups-2.2.7-150000.3.43.1
SUSE Enterprise Storage 7.1 (src): cups-2.2.7-150000.3.43.1
SUSE Enterprise Storage 7 (src): cups-2.2.7-150000.3.43.1
SUSE CaaS Platform 4.0 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Micro 5.2 (src): cups-2.2.7-150000.3.43.1
SUSE Linux Enterprise Micro for Rancher 5.2 (src): cups-2.2.7-150000.3.43.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 15 Maintenance Automation 2023-06-01 16:30:08 UTC
SUSE-SU-2023:2346-1: An update that solves one vulnerability can now be installed.

Category: security (important)
Bug References: 1211643
CVE References: CVE-2023-32324
Sources used:
SUSE OpenStack Cloud 9 (src): cups-1.7.5-20.39.1
SUSE OpenStack Cloud Crowbar 9 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise Software Development Kit 12 SP5 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise High Performance Computing 12 SP5 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise Server 12 SP5 (src): cups-1.7.5-20.39.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): cups-1.7.5-20.39.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 16 Johannes Meixner 2023-06-21 11:40:19 UTC
https://build.opensuse.org/request/show/1090272
is accepted so this issue is FIXED.